[Buildroot] [PATCH] samba4: security bump to version 4.6.11

Thomas Petazzoni thomas.petazzoni at free-electrons.com
Wed Nov 22 20:30:44 UTC 2017


Hello,

On Tue, 21 Nov 2017 23:43:13 +0100, Peter Korsgaard wrote:
> Fixes the following security issues:
> 
>  - CVE-2017-14746:
>    All versions of Samba from 4.0.0 onwards are vulnerable to a use after
>    free vulnerability, where a malicious SMB1 request can be used to
>    control the contents of heap memory via a deallocated heap pointer. It
>    is possible this may be used to compromise the SMB server.
> 
>  - CVE-2017-15275:
>    All versions of Samba from 3.6.0 onwards are vulnerable to a heap
>    memory information leak, where server allocated heap memory may be
>    returned to the client without being cleared.
> 
>    There is no known vulnerability associated with this error, but
>    uncleared heap memory may contain previously used data that may help
>    an attacker compromise the server via other methods. Uncleared heap
>    memory may potentially contain password hashes or other high-value
>    data.
> 
> For more details, see the release notes:
> https://www.samba.org/samba/history/samba-4.6.11.html
> 
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
>  package/samba4/samba4.hash | 2 +-
>  package/samba4/samba4.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

